Zomato, Verizon, HBO, Yahoo; just some of the brands in the news for data breaches in recent years.
Yours may have been one of the 500 million tweets sent everyday or perhaps you logged on to a fitness app, used your bank app for a payment or checked on one of those irresistible, “ Which Bollywood celeb you would marry’, quizzes on Facebook.
With apologies to Sting, “ Every move you make, every step you take, whatever you do," data is watching you. We leave bits and bytes of our life on the internet leaving us vulnerable to data misuse. Which is why companies, especially data heavy companies, face the huge challenge of keeping our trust as they handle our most sensitive and personal information.
Says Shoeb Ahmed Shaikh, director — south, Ideosphere Consulting, “ Any sort of leak, can have far reaching consequences. Not only does this throw customer confidence into chaos, but also marks a long, painful process of building your brand reputation from scratch. “You’re as good as your last victory," is what they say. This transitions to “you’re as bad as your last data security loss” today. Not only does it completely upend your communication plans, but it requires infusion of both staff-hours and capital to rise above the damage done. You can only hope that your competition doesn’t steal a march on you in the interim. PR teams at data driven organisations should put together a ‘Crisis Prevention’ manual to serve as a marker and get important stakeholders to conform to the importance of data integrity.”
In a LinkedIn post, Rajneesh Chowdhury, vice-president at The PRactice advised building a pool of influencers, including from its user base, who will stand by the company as champions in case of an adverse situation.
Chowdhury also said that, “Organisations need to move away from the culture of secrecy around cyberattacks as most hacks or hacking attempts in India are tucked under the carpet and are not disclosed. This hinders information sharing between intelligence agencies and experts to track down the “dark web” in search of miscreants.”
- Zomato, 17 million user data hacked in May, 2017
- 3.2 million credit cards in India hacked in May toy 2016. Major Indian banks affected.
- Verizon, 6 million users exposed in July 2017
- Wanna attack in May 2017 affected over 150 countries worldwide. India third worst nation affected.
- Indigo Twitter handle hacked in January 2017 Hacker changed handle.from @IndiGo6e to @activevibezzz1.
- Login and password details of 117 million LinkedIn users published online in May 2016.
Over a billion Yahoo accounts breached in 2013
Chowdhury points out that another challenge is that new regulations need to be introduced for the state to stay abreast of the new world of challenges and vulnerabilities being created by highly sophisticated cybercriminals. The IT Act of India was institutionalised way back in the year-2000.
Chowdhury explains that, “Several of the companies we see today have come with disruptive new-age business models, which often present surprises at the policy level. These companies need to make proactive efforts to reach out to the upper echelons of the state decision making and bring about awareness and education about their businesses, the threats they face, and how effective policies can support them. “
Using PR to fight backlash from security breaches
Ahmed Shaikh suggests that, “An organisation should ensure that every job role that can contribute to data loss risk is streamlined. This stretches as far back to the actual hiring and verification process to clearance levels set to match employee functions. The role of PR is to highlight these measures to build client confidence through conversation about best practices and a real-world meets real-time approach. The saying, prevention is better than cure, holds its most relevant meaning in this case.”
Chowdhury lists investing in scenario analysis and a robust real-time response system; as well as keeping yourself technologically updated.
“Last year, Yahoo! admitted unearthing a major attack that affected over a billion accounts which the company blamed on hackers working on behalf of a government. The sequence of events prompted Verizon Communication to think of withdrawing from an agreement to buy Yahoo!'s core internet business for nearly five-billion US Dollars.” Rajneesh Chowdhury
Chowdhury also says that PR can play its most crucial role in the all important restoration period. He says, “The post-breach process needs to be directed to restore confidence in the organisation and rebuild the corporate reputation. You may get the impression that this is a sequential final stage, but this actually flows through the entire process right from the time a cyberattack breaks out. Transparency and frequency is at the crux of this communication. The stronger the engagement and trust has been in the stakeholder universe, the quicker the turnaround is expected to be.”